Get Indicators for Report

GET /1.3/reports/{id}/indicators

Description

Returns a paginated list of all indicators contained in a specified report.

Note

If called immediately after report submission, IOCs extraction might not have completed yet. This can result in a 404 (not found) error.

Parameters

Parameter Required Default Description
id X   TruSTAR report id or external tracking id
idType   internal internal or external
applyWhitelist   true if true, whitelisted indicators will be filtered out; otherwise, all indicators will be included but will contain a field whitelisted, representing whether they have been whitelisted or not
pageNumber   0 which page of the result set to get
pageSize   100 The number of results per page. Max allowed size is 1000.

Response (200)

A page of Indicator object.

Example Usage

Request

curl -k -X GET -H "Authorization: Bearer {access_token}" \
     "https://api.trustar.co/api/1.3/reports/1234/indicators?idType=external"

Response

{
    "items": [
        {
            "indicatorType": "MALWARE",
            "value": "LOCKY",
            "weight": 1
        },
        {
            "indicatorType": "URL",
            "value": "evil.com",
            "weight": 1
        },
        {
            "indicatorType": "EMAIL_ADDRESS",
            "value": "attacker@evil.com",
            "weight": 1
        },
        {
            "indicatorType": "URL",
            "value": "bamb.com",
            "weight": 1
        }
    ],
    "hasNext": false,
    "pageSize": 25,
    "pageNumber": 0
}